Cisco Wednesday issued a security alert warning of a quartet of vulnerabilities affecting all of its wireless LAN controllers, including the Catalyst 6500 and 7600 wireless modules, with software version 4.2 or higher.

Three are denial-of-service attacks. The fourth, specific to one particular software version, could allow a restricted user to gain full administrative rights to the controller. The DoS attacks could cause the controllers to hang or reload, with repeated attacks creating a sustained service denial condition, according to the alert.

Two of the DoS attacks are aimed at Web authentication. In one instance, the attacker can use a vulnerability scanner to cause the controller to stop servicing Web authentication for wireless clients, or cause the controller to reload. The second can trigger a controller reload by sending a malformed post to the Web authentication "login.html" page.

The third DoS attack involves the controller receiving "certain IP packets" that trigger a "DoS condition," causing the controller to become unresponsive. This is limited to software version 4.1 in the 4400 series, Catalyst 6500 Wireless Services Module, and 3750 Integrated Wireless LAN Controllers.

The last attack, classed as a "privilege escalation vulnerability," exists only in controller software version 4.2.173.0. A successful exploitation may allow an unauthenticated user to gain full administrative rights to the targeted controller.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.